5093 matches found

Patchstack
added 2024/06/25 12:0 a.m. | 6 views

WordPress Contact Form 7 Multi-Step Addon Plugin 1.0.4-1.0.5 is vulnerable to Backdoor

Software: Contact Form 7 Multi-Step Addon; Type: Plugin; Vulnerable versions: 1.0.4-1.0.5; Fixed in: 1.0.7; OWASP Top 10: A3: Injection; Classification: Backdoor; CVE: CVE-2024-6297; Patch priority: High; CVSS severity: High 10; Developer: Claim ownership; PSID: 210ed7e4774a; Credits: WordFence; Required privilege...

CVSS 10 | AI score 7.2 | EPSS 0.01011
Exploits 0 | References 3 | Affected Software 1
Patchstack
added 2024/06/25 12:0 a.m. | 10 views

WordPress BLAZE Retail Widget Plugin 2.2.5-2.5.2 is vulnerable to Backdoor

Software: BLAZE Retail Widget; Type: Plugin; Vulnerable versions: 2.2.5-2.5.2; Fixed in: 2.5.4; OWASP Top 10: A3: Injection; Classification: Backdoor; CVE: CVE-2024-6297; Patch priority: High; CVSS severity: High 10; Developer: Claim ownership; PSID: b9aa7ce213ab; Credits: WordFence; Required privilege: Unauthenticated...

CVSS 10 | AI score 7.2 | EPSS 0.01011
Exploits 0 | References 2 | Affected Software 1
Patchstack
added 2024/06/24 12:0 a.m. | 11 views

WordPress Uber Menu Plugin <= 3.8.3 is vulnerable to Cross Site Request Forgery (CSRF)

Software: Uber Menu; Type: Plugin; Vulnerable versions: <= 3.8.3; Fixed in: 3.8.4; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery CSRF; CVE: CVE-2024-3593; Patch priority: Low; CVSS severity: Low 5.4; Developer: Claim ownership; PSID: b1b8ab906f9b; Credits: M.Awad; Required privilege...

CVSS 7.2 | AI score 7 | EPSS 0.00177
Exploits 0 | References 2 | Affected Software 1
Patchstack
added 2024/06/24 12:0 a.m. | 8 views

WordPress ContentLock Plugin <= 1.0.3 is vulnerable to Cross Site Request Forgery (CSRF)

Software: ContentLock; Type: Plugin; Vulnerable versions: <= 1.0.3; Fixed in: N/A; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery CSRF; CVE: CVE-2024-6023; Patch priority: Low; CVSS severity: Low 4.3; Developer: Claim ownership; PSID: 38c834154e63; Credits: Norbert Hofmann; Required...

CVSS 8.8 | AI score 7 | EPSS 0.00312
Exploits 1 | References 4 | Affected Software 1
SUSE CVE
added 2024/06/21 3:52 a.m. | 3 views

SUSE CVE-2021-47592

In the Linux kernel, the following vulnerability has been resolved: net: stmmac: fix tc flower deletion for VLAN priority Rx steering To replicate the issue:- 1 Add 1 flower filter for VLAN Priority based frame steering:- $ IFDEVNAME=eth0 $ tc qdisc add dev $IFDEVNAME ingress $ tc qdisc add dev...

CVSS 5.5 | AI score 6.2 | EPSS 0.00208
Exploits 0 | References 8
SUSE CVE
added 2024/06/21 3:6 a.m. | 5 views

SUSE CVE-2024-36974

In the Linux kernel, the following vulnerability has been resolved: net/sched: taprio: always validate TCA_TAPRIO_ATTR_PRIOMAP If one TCA_TAPRIO_ATTR_PRIOMAP attribute has been provided, taprio_parse_mqprio_opt() must validate it, or userspace can inject arbitrary data to the kernel, the second time...

CVSS 7.8 | AI score 6.3 | EPSS 0.00281
Exploits 0 | References 27
Patchstack
added 2024/06/21 12:0 a.m. | 8 views

WordPress Newspack Newsletters Plugin <= 2.13.2 is vulnerable to Cross Site Request Forgery (CSRF)

Software: Newspack Newsletters; Type: Plugin; Vulnerable versions: <= 2.13.2; Fixed in: 2.13.3; OWASP Top 10: A1: Broken Access Control; Classification: Cross Site Request Forgery CSRF; CVE: CVE-2024-37242; Patch priority: Low; CVSS severity: Low 4.3; Developer: Claim ownership; PSID: 8f54e12bc4ce; Credits: Rafie Muhamm...

AI score 7 | EPSS 0.00177
Exploits 0 | References 2 | Affected Software 1
Patchstack
added 2024/06/21 12:0 a.m. | 8 views

WordPress WPAdverts – Classifieds Plugin Plugin <= 2.1.2 is vulnerable to Cross Site Request Forgery (CSRF)

Software: WPAdverts – Classifieds Plugin; Type: Plugin; Vulnerable versions: <= 2.1.2; Fixed in: 2.1.3; OWASP Top 10: A4: Insecure Design; Classification: Cross Site Request Forgery CSRF; CVE: CVE-2024-37238; Patch priority: Low; CVSS severity: Low 4.3; Developer: Claim ownership; PSID: 19fe789eab09; Credits: Majed Refa...

AI score 6.9 | EPSS 0.00188
Exploits 0 | References 2 | Affected Software 1
Patchstack
added 2024/06/21 12:0 a.m. | 7 views

WordPress Loco Translate Plugin <= 2.6.9 is vulnerable to Cross Site Request Forgery (CSRF)

Software: Loco Translate; Type: Plugin; Vulnerable versions: <= 2.6.9; Fixed in: 2.6.10; OWASP Top 10: A4: Insecure Design; Classification: Cross Site Request Forgery CSRF; CVE: CVE-2024-37236; Patch priority: Low; CVSS severity: Low 4.3; Developer: Claim ownership; PSID: f02123bf72f2; Credits: Nosa Shandy; Required...

AI score 6.4 | EPSS 0.00177
Exploits 0 | References 2 | Affected Software 1
Patchstack
added 2024/06/21 12:0 a.m. | 10 views

WordPress Groundhogg Plugin <= 3.4.2.3 is vulnerable to Cross Site Request Forgery (CSRF)

Software: Groundhogg; Type: Plugin; Vulnerable versions: <= 3.4.2.3; Fixed in: 3.4.3; OWASP Top 10: A4: Insecure Design; Classification: Cross Site Request Forgery CSRF; CVE: CVE-2024-37235; Patch priority: Low; CVSS severity: Low 4.3; Developer: Claim ownership; PSID: 4cc62fb9525a; Credits: Ananda Dhakal Patchstack...

AI score 6.4 | EPSS 0.00177
Exploits 0 | References 2 | Affected Software 1
Patchstack
added 2024/06/21 12:0 a.m. | 10 views

WordPress InstaWP Connect Plugin <= 0.1.0.38 is vulnerable to Arbitrary File Upload

Software: InstaWP Connect; Type: Plugin; Vulnerable versions: <= 0.1.0.38; Fixed in: 0.1.0.39; OWASP Top 10: A4: Insecure Design; Classification: Arbitrary File Upload; CVE: CVE-2024-37228; Patch priority: High; CVSS severity: High 10; Developer: InstaWP; PSID: de870abeda47; Credits: AtaTurk1925; Required privilege...

CVSS 10 | AI score 6.5 | EPSS 0.00531
Exploits 0 | References 2 | Affected Software 1
Patchstack
added 2024/06/21 12:0 a.m. | 9 views

WordPress Zoho Marketing Automation Plugin <= 1.2.7 is vulnerable to SQL Injection

Software: Zoho Marketing Automation; Type: Plugin; Vulnerable versions: <= 1.2.7; Fixed in: 1.2.8; OWASP Top 10: A3: Injection; Classification: SQL Injection; CVE: CVE-2024-37225; Patch priority: Low; CVSS severity: Low 8.5; Developer: Claim ownership; PSID: c6d98be82212; Credits: LVT-tholv2k; Required privilege...

CVSS 8.8 | AI score 6.9 | EPSS 0.00468
Exploits 0 | References 2 | Affected Software 1
Patchstack
added 2024/06/21 12:0 a.m. | 9 views

WordPress SP Project & Document Manager Plugin <= 4.71 is vulnerable to Directory Traversal

Software: SP Project & Document Manager; Type: Plugin; Vulnerable versions: <= 4.71; Fixed in: N/A; OWASP Top 10: A1: Broken Access Control; Classification: Directory Traversal; CVE: CVE-2024-37224; Patch priority: High; CVSS severity: High 7.5; Developer: Claim ownership; PSID: 45309fbf1e76; Credits: CatFather; Required...

CVSS 7.5 | AI score 6.5 | EPSS 0.00574
Exploits 0 | References 1 | Affected Software 1
Patchstack
added 2024/06/21 12:0 a.m. | 11 views

WordPress Kanban Boards for WordPress Plugin <= 2.5.21 is vulnerable to Broken Access Control

Software: Kanban Boards for WordPress; Type: Plugin; Vulnerable versions: <= 2.5.21; Fixed in: N/A; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-37226; Patch priority: Low; CVSS severity: Low 5.3; Developer: Claim ownership; PSID: 06ba84554f72; Credits: LVT-tholv2k; Requir...

CVSS 5.3 | AI score 6.7 | EPSS 0.00409
Exploits 0 | References 1 | Affected Software 1
Patchstack
added 2024/06/21 12:0 a.m. | 11 views

WordPress WP Logs Book Plugin <= 1.0.1 is vulnerable to Cross Site Scripting (XSS)

Software: WP Logs Book; Type: Plugin; Vulnerable versions: <= 1.0.1; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting XSS; Classification: Cross Site Scripting XSS; CVE: CVE-2024-4477; Patch priority: Medium; CVSS severity: Medium 7.1; Developer: Claim ownership; PSID: 68e2026bab3a; Credits: Bob Matyas; Required...

CVSS 5.4 | AI score 5.6 | EPSS 0.00307
Exploits 2 | References 3 | Affected Software 1
Patchstack
added 2024/06/21 12:0 a.m. | 9 views

WordPress Themify – WooCommerce Product Filter Plugin <= 1.4.9 is vulnerable to SQL Injection

Software: Themify – WooCommerce Product Filter; Type: Plugin; Vulnerable versions: <= 1.4.9; Fixed in: 1.5.0; OWASP Top 10: A1: Injection; Classification: SQL Injection; CVE: CVE-2024-6027; Patch priority: High; CVSS severity: High 9.3; Developer: Claim ownership; PSID: 0ec8ecf4ef08; Credits: Arkadiusz Hydzik; Required...

CVSS 9.8 | AI score 6.8 | EPSS 0.00771
Exploits 0 | References 3 | Affected Software 1
Patchstack
added 2024/06/21 12:0 a.m. | 7 views

WordPress Sparkle Demo Importer Plugin <= 1.4.7 is vulnerable to Broken Access Control

Software: Sparkle Demo Importer; Type: Plugin; Vulnerable versions: <= 1.4.7; Fixed in: 1.4.8; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-6120; Patch priority: Medium; CVSS severity: Medium 6.5; Developer: Claim ownership; PSID: 65191ad4a953; Credits: Lucio Sá; Required...

CVSS 6.5 | AI score 6.8 | EPSS 0.00503
Exploits 0 | References 3 | Affected Software 1
Patchstack
added 2024/06/21 12:0 a.m. | 13 views

WordPress WP Job Manager - Resume Manager Plugin <= 2.1.0 is vulnerable to Cross Site Request Forgery (CSRF)

Software: WP Job Manager - Resume Manager; Type: Plugin; Vulnerable versions: <= 2.1.0; Fixed in: 2.2.0; OWASP Top 10: A1: Broken Access Control; Classification: Cross Site Request Forgery CSRF; CVE: CVE-2024-37241; Patch priority: Low; CVSS severity: Low 4.3; Developer: Claim ownership; PSID: 90dee78eac8d; Credits: Raf...

AI score 7 | EPSS 0.00196
Exploits 0 | References 1 | Affected Software 1
Patchstack
added 2024/06/21 12:0 a.m. | 7 views

WordPress Book Landing Page Theme <= 1.2.3 is vulnerable to Cross Site Request Forgery (CSRF)

Software: Book Landing Page; Type: Theme; Vulnerable versions: <= 1.2.3; Fixed in: 1.2.4; OWASP Top 10: A1: Broken Access Control; Classification: Cross Site Request Forgery CSRF; CVE: CVE-2024-37230; Patch priority: Low; CVSS severity: Low 4.3; Developer: Claim ownership; PSID: b75fbc99c1f0; Credits: Dhabaleshwar Das...

CVSS 8.8 | AI score 7 | EPSS 0.00208
Exploits 0 | References 2 | Affected Software 1
Patchstack
added 2024/06/21 12:0 a.m. | 13 views

WordPress Salon booking system Plugin <= 9.9 is vulnerable to Arbitrary File Deletion

Software: Salon booking system; Type: Plugin; Vulnerable versions: <= 9.9; Fixed in: 10.0; OWASP Top 10: A1: Broken Access Control; Classification: Arbitrary File Deletion; CVE: CVE-2024-37231; Patch priority: High; CVSS severity: High 8.6; Developer: Claim ownership; PSID: 096d4dd72ddd; Credits: LVT-tholv2k; Required...

CVSS 9.1 | AI score 6.8 | EPSS 0.00581
Exploits 0 | References 2 | Affected Software 1